medium

AWS SageMaker Jupyter Notebook instance CSRF

Published Thu, Dec 2nd, 2021
Platforms

AWS
Summary

The AWS SageMaker Notebook server did not validate the Origin header on incoming requests, which led to a CSRF vulnerability: a page on an attacker-controlled site could make the victim's browser issue requests to the notebook server with the victim's credentials. An attacker could have read sensitive data and executed arbitrary actions in customer environments. The exact same issue existed in GCP previously.
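The check the summary says was missing, as an added example that is not the SageMaker or Jupyter code: a notebook-style server receives requests with a browser-supplied Origin header and must compare the full scheme, host and port against an allow-list before acting on them. The allow-listed notebook URL and the request headers below are constructed for the demonstration; `vulnerable_allowed` reproduces the behaviour described on the page (Origin never consulted) and `hardened_allowed` is the fix.

```python
"""
Hypothetical Origin-header check for a notebook-style server (added example,
not the SageMaker or Jupyter code). The vulnerable path never looks at Origin;
the hardened path compares the normalized scheme://host:port triple against an
allow-list, which is the standard CSRF defence for cross-site POSTs and for
WebSocket handshakes, both of which browsers always tag with an Origin header.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def normalize_origin(origin):
    """Return (scheme, host, port) for a serialized origin, or None if it is not one.

    Exact tuple comparison (not substring or prefix matching) is what defeats
    look-alike hosts such as https://notebook.example:8443.attacker.example.
    """
    try:
        parts = urlsplit(origin.strip())
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            return None
        # A serialized origin is bare scheme://host[:port]; anything else is bogus.
        if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
            return None
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:  # unparsable netloc or non-numeric port
        return None
    return (scheme, parts.hostname.lower(), port)


def _get_header(headers, name):
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def vulnerable_allowed(headers):
    """The behaviour the page describes: the Origin header is never consulted."""
    return True


def hardened_allowed(headers, allowed_origins):
    """Accept only requests whose Origin exactly matches an allow-listed origin.

    A missing, 'null' (sandboxed frame) or malformed Origin is rejected rather
    than treated as same-site, so a cross-site request cannot slip through by
    carrying no header at all.
    """
    origin = _get_header(headers, "Origin")
    if origin is None:
        return False
    got = normalize_origin(origin)
    if got is None:
        return False
    return got in {normalize_origin(o) for o in allowed_origins}


# Hypothetical notebook URL and constructed request headers for the demo.
ALLOWED = ["https://notebook.example.internal:8443"]

CONSTRUCTED_REQUESTS = {
    "same_origin":  {"Origin": "https://notebook.example.internal:8443"},
    "cross_site":   {"Origin": "https://attacker.example"},  # classic CSRF page
    "suffix_trick": {"Origin": "https://notebook.example.internal:8443.attacker.example"},
    "scheme_swap":  {"origin": "http://notebook.example.internal:8443"},
    "sandboxed":    {"Origin": "null"},
    "no_origin":    {},
}


def evaluate(requests=CONSTRUCTED_REQUESTS, allowed=ALLOWED):
    """Return {name: (vulnerable_decision, hardened_decision)} for each request."""
    return {name: (vulnerable_allowed(h), hardened_allowed(h, allowed))
            for name, h in requests.items()}


if __name__ == "__main__":
    for name, (weak, hard) in evaluate().items():
        print(f"{name:13s} vulnerable={str(weak):5s} hardened={hard}")
```

Only the same-origin request survives the hardened check; the vulnerable path accepts all six, including the attacker page and the look-alike host. Non-browser clients (SDKs, curl) never send Origin, so a production server pairs this check with a per-session anti-CSRF token and applies the Origin rule to requests that arrive with browser cookies rather than to every API call.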

Affected Services

SageMaker Jupyter Notebook

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Thu, Dec 2nd, 2021
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
8.37
(PI:1.5/A1:20/A2:1/A7:1.1/A8:0.9)
Discovered by
Gafnit Amiga, Lightspin